CVE-2026-43429
Analyzed Analyzed - Analysis Complete
USB: usbtmc Driver Timeout Handling Fix

Publication date: 2026-05-08

Last updated on: 2026-05-20

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: USB: usbtmc: Use usb_bulk_msg_killable() with user-specified timeouts The usbtmc driver accepts timeout values specified by the user in an ioctl command, and uses these timeouts for some usb_bulk_msg() calls. Since the user can specify arbitrarily long timeouts and usb_bulk_msg() uses unkillable waits, call usb_bulk_msg_killable() instead to avoid the possibility of the user hanging a kernel thread indefinitely.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-08
Last Modified
2026-05-20
Generated
2026-06-19
AI Q&A
2026-05-08
EPSS Evaluated
2026-06-18
NVD
CVE-2026-43429
EUVD
EUVD-2026-28735
Affected Vendors & Products
Showing 11 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 6.2 (inc) to 6.6.130 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.203 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.167 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.19 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.78 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.9 (exc)
linux linux_kernel From 4.19 (inc) to 5.10.253 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

This vulnerability can impact system stability and reliability. Because the usbtmc driver can hang a kernel thread indefinitely when a user specifies a long timeout, it may lead to resource exhaustion or denial of service conditions on the affected system. This could degrade system performance or cause certain USB devices to become unresponsive.

Executive Summary

This vulnerability exists in the Linux kernel's usbtmc driver, which handles USB Test and Measurement Class devices. The driver accepts timeout values from users through an ioctl command and uses these timeouts in usb_bulk_msg() calls. However, usb_bulk_msg() uses unkillable waits, meaning if a user specifies an arbitrarily long timeout, it can cause a kernel thread to hang indefinitely. The vulnerability is resolved by replacing usb_bulk_msg() with usb_bulk_msg_killable(), which allows the wait to be interrupted and prevents indefinite hanging.

Mitigation Strategies

The vulnerability is resolved by updating the Linux kernel to a version where the usbtmc driver uses usb_bulk_msg_killable() instead of usb_bulk_msg() for user-specified timeouts. Therefore, the immediate mitigation step is to apply the kernel update that includes this fix.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43429. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart